Sign-up

ID

VAR-201209-0244


CVE

CVE-2012-3004


TITLE

plural RealFlex Vulnerability gained in products

Trust: 0.8

sources: JVNDB: JVNDB-2012-004246

DESCRIPTION

Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to gain privileges via a Trojan horse (1) realwin.dll or (2) keyhook.dll file in the current working directory. plural RealFlex There is a vulnerability in the product that can be obtained because the processing related to the search path is incomplete. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. (1) realwin.dll Or (2) keyhook.dll It may be possible to get permission through the file. RealWin is a data acquisition and monitoring control system (SCADA) server product running on the Windows platform. FlexView is a human interface product for Eston Automation. Multiple RealFlex products are not installed in the library file, and an attacker can build a malicious DLL file, store it in a remote WebDAV or SMB share, entice the application to parse, and execute arbitrary code in the application context. Multiple RealFlex products are prone to an insecure library loading vulnerability

Trust: 2.61

sources: NVD: CVE-2012-3004 // JVNDB: JVNDB-2012-004246 // CNVD: CNVD-2012-5010 // BID: 55464 // IVD: 63c9cf40-2353-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 63c9cf40-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-5010

AFFECTED PRODUCTS

vendor:realflexmodel:realwinscope:eqversion:1.06

Trust: 1.6

vendor:realflexmodel:realwinscope:eqversion:2.1

Trust: 1.6

vendor:realflexmodel:realwinscope:eqversion:2.0

Trust: 1.6

vendor:realflexmodel:realwindemoscope:lteversion:2.1.12

Trust: 1.0

vendor:realflexmodel:realwinscope:lteversion:2.1.12

Trust: 1.0

vendor:realflexmodel:flexviewscope:lteversion:3.1.85

Trust: 1.0

vendor:realflexmodel:flexviewscope:ltversion:3.1.86

Trust: 0.8

vendor:realflexmodel:realwinscope:ltversion:2.1.13

Trust: 0.8

vendor:realflexmodel:realwindemoscope:ltversion:2.1.13

Trust: 0.8

vendor:realflexmodel:realwindemoscope:lteversion:<=2.1.12

Trust: 0.6

vendor:realflexmodel:realwinscope:lteversion:<=2.1.12

Trust: 0.6

vendor:realflexmodel:flexviewscope:lteversion:<=3.1.85

Trust: 0.6

vendor:realflexmodel:realwindemoscope:eqversion:2.1.12

Trust: 0.6

vendor:realflexmodel:realwinscope:eqversion:2.1.12

Trust: 0.6

vendor:realflexmodel:flexviewscope:eqversion:3.1.85

Trust: 0.6

vendor:realwinmodel: - scope:eqversion:1.06

Trust: 0.2

vendor:realwinmodel: - scope:eqversion:2.0

Trust: 0.2

vendor:realwinmodel: - scope:eqversion:2.1

Trust: 0.2

vendor:realwinmodel: - scope:eqversion:*

Trust: 0.2

vendor:flexviewmodel: - scope:eqversion:*

Trust: 0.2

vendor:realwindemomodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 63c9cf40-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-5010 // JVNDB: JVNDB-2012-004246 // CNNVD: CNNVD-201209-148 // NVD: CVE-2012-3004

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3004
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-3004
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201209-148
value: MEDIUM

Trust: 0.6

IVD: 63c9cf40-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2012-3004
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 63c9cf40-2353-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 63c9cf40-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2012-004246 // CNNVD: CNNVD-201209-148 // NVD: CVE-2012-3004

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2012-004246 // NVD: CVE-2012-3004

THREAT TYPE

local

Trust: 0.9

sources: BID: 55464 // CNNVD: CNNVD-201209-148

TYPE

other

Trust: 0.8

sources: IVD: 63c9cf40-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201209-148

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-004246

PATCH
title:Top Pageurl:http://www.realflex.com/
Trust: 0.8
title:Multiple RealFlex product insecure libraries load patches for arbitrary code execution vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/21891
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-5010 // 
            
            
            
            JVNDB: JVNDB-2012-004246

EXTERNAL IDS
db:NVDid:CVE-2012-3004
Trust: 3.5
db:ICS CERTid:ICSA-12-251-01
Trust: 3.3
db:CNVDid:CNVD-2012-5010
Trust: 0.8
db:CNNVDid:CNNVD-201209-148
Trust: 0.8
db:JVNDBid:JVNDB-2012-004246
Trust: 0.8
db:BIDid:55464
Trust: 0.3
db:IVDid:63C9CF40-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: 63c9cf40-2353-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2012-5010 // 
            
            
            
            BID: 55464 // 
            
            
            
            JVNDB: JVNDB-2012-004246 // 
            
            
            
            CNNVD: CNNVD-201209-148 // 
            
            
            
            NVD: CVE-2012-3004

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-12-251-01.pdf
Trust: 3.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3004
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3004
Trust: 0.8
url:http://realflex.com/products/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2012-5010 // 
            
            
            
            BID: 55464 // 
            
            
            
            JVNDB: JVNDB-2012-004246 // 
            
            
            
            CNNVD: CNNVD-201209-148 // 
            
            
            
            NVD: CVE-2012-3004

CREDITS
Carlos Mario Penagos Hollmann
Trust: 0.3
sources:
            
            
            BID: 55464

SOURCES
db:IVDid:63c9cf40-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-5010
db:BIDid:55464
db:JVNDBid:JVNDB-2012-004246
db:CNNVDid:CNNVD-201209-148
db:NVDid:CVE-2012-3004

LAST UPDATE DATE
2025-04-11T23:07:20.031000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-5010date:2012-09-11T00:00:00
db:BIDid:55464date:2012-09-07T00:00:00
db:JVNDBid:JVNDB-2012-004246date:2012-09-12T00:00:00
db:CNNVDid:CNNVD-201209-148date:2012-09-13T00:00:00
db:NVDid:CVE-2012-3004date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:63c9cf40-2353-11e6-abef-000c29c66e3ddate:2012-09-11T00:00:00
db:CNVDid:CNVD-2012-5010date:2012-09-11T00:00:00
db:BIDid:55464date:2012-09-07T00:00:00
db:JVNDBid:JVNDB-2012-004246date:2012-09-12T00:00:00
db:CNNVDid:CNNVD-201209-148date:2012-09-13T00:00:00
db:NVDid:CVE-2012-3004date:2012-09-08T10:28:20.510